troubleshooting Question

Rogue RDP Connections

Avatar of yohayon
yohayon asked on
Windows Server 2012Network SecuritySecurityNetwork ArchitectureWindows Networking
5 Comments2 Solutions318 ViewsLast Modified:
Since I noticed my ethernet connection performance as being saturated on my Windows 2012 R2 server,  I ran the netstat command & noticed alot of ip addresses having established connections to 3389. When looking further, I see that these ip addresses are from many different countries like korea, china, russia, turkey... What can I do to prevent these rogue connections? Are they authenticating to my server? Could there be an app on the server thats allowing this?
See only one example below:
  C:\Windows\system32>netstat -na | find "3389"
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.220.20:3389    81.25.47.69:57070      ESTABLISHED
  TCP    192.168.220.20:3389    81.25.47.69:57184      ESTABLISHED
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 2 Answers and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros